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CLAIMS: 

What is claimed is: 

1 1 . A method for enabUng privileges comprising: 

2 establishing a session on behalf of a user; 

3 receiving a request to enable database privileges for the user; 

4 verifying trusted security logic has been executed prior to receiving the request to 

5 enable database privileges; and 

6 enabling database privileges for the user if the trusted security logic has been 

7 executed prior to receiving the request to enable the database privileges. 

1 2. The method of claim 1 , further comprising: 

2 storing call information in one or more frames of a call stack; and wherein 

3 the act of verifying comprises determining whether the one or more frames of the 

4 call stack corresponds to the trusted security logic. 

1 3, The method of claim 1, wherein the act of verifying the trusted security logic 

2 comprises verifying an application name. 

1 4. The method of claim 3, wherein the act of verifying the trusted security logic 

2 further includes verifying a security function name. 
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1 5. The method of claim 1, wherein the act of verifying, trusted security logic 

2 comprises verifying a module name. 

1 6. The method of claim 1, further comprising: 

2 collecting one or more session parameters; 

3 comparing the one or more session parameters against a set of trusted security 

4 parameters defined in a security function; and 

5 returning a result indicating whether the one or more session parameters matches 

6 the set of trusted security parameters. 

1 7. The method of claim 1 , wherein the act of verifying the trusted security logic 

2 comprises verifying a proxy user. 

1 8. The method of claim 1, further comprising: 

2 receiving information identifying the user; 

3 prompting the user for a password; 

4 authenticating the user based on information stored in an application program; 

5 and 

6 associating the user with a role. 
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1 9. A client-server computer system comprising: 

2 a computer including: 

3 a processor, 

4 a main memory communicatively coupled to the processor; and 

5 a disk storage communicatively coupled to the processor; 

6 a database running on the computer from the main memory, the database further 

7 comprising: 

8 one or more data structures stored in the disk storage, and 

9 a call stack stored in the main memory; 

10 an application program coupled to the database and configured to support a user; 

11 and 

12 a metadata repository embodied in the one or more data structures stored in the 

1 3 disk storage, the metadata repository comprising trusted security logic; 

14 wherein 

1 5 the application program is configured to initiate a call to enable database 

16 privileges, the call causing call information to be stored in one or more 

1 7 frames of the call stack and one or more security functions to be executed; 

1 8 and wherein 

19 the database is configured to: 

20 verify the call stack comprises one or more frames corresponding to the 

21 trusted security logic; and 
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enable database privileges for the user if the, trusted security logic is 
contained in the one or more frames. 

10. The client-server computer system of claim 9, wherein the application program 
resides with the database in the computer. 

1 1 . The client-server computer system of claim 9, wherein the application program 
resides on a separate computer communicatively coupled to the database. 

12. The client-server computer system of claim 9, wherein the trusted security logic 
includes a schema name and a security package name. 

13. The client-server computer system of claim 9, wherein verifying further includes 
testing a proxy user. 
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1 14. A computer-readable medium have stored therein ope or more sequences of 

2 instructions for enabling privileges, the one or more sequences of instructions causing 

3 one or more processors to perform a number of acts, said acts comprising: 

4 establishing a session on behalf of a user; 

5 receiving a request to enable database privileges for the user; 

6 verifying trusted security logic has been executed prior to receiving the request to 

7 enable database privileges; and 

8 enabling database privileges for the user if the trusted security logic has been 

9 executed prior to receiving the request to enable the database privileges. 

1 15. The computer-readable medium of claim 14, further comprising: 

2 storing call information in one or more frames of a call stack; and wherein 

3 the act of verifying comprises determining whether the one or more frames of the 

4 call stack corresponds to the trusted security logic. 

1 16. The computer-readable medium of claim 14, wherein the act of verifying the 

2 trusted security logic comprises verifying an application name. 

1 1 7. The computer-readable medium of claim 1 6, wherein the act of verifying the 

2 trusted security logic further includes verifying a security function name. 
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1 18. The computer-readable medium of claim 14, wherein the act of verifying trusted 

2 security logic comprises verifying a security function name. 

1 19. The computer-readable medium of claim 14, further comprising: 

2 collecting one or more session parameters; 

3 comparing the one or more session parameters against a set of trusted security 

4 parameters defined in a security function; and 

5 returning a result indicating whether the one or more session parameters matches 

6 the set of trusted security parameters. 

1 20. The computer-readable medium of claim 14, wherein the act of verifying the 

2 trusted security logic comprises verifying a proxy user. 

1 2 1'. The computer-readable medium of claim 14, further comprising: 

2 receiving information identifying the user; 

3 prompting the user for a password; 

4 authenticating the user based on information stored in an application program; 

5 and 

6 associating the user with a role. 
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1 22. A method for enabling privileges comprising: 

2 receiving a request to enable a role; 

3 generating a list of security policies associated with the role, the list of security 

4 policies selected from a metadata repository; 

5 executing each security policy identified in the list; 

6 returning a value indicating a successful or unsuccessful execution of each 

7 security policy; and 

8 enabling database privileges associated with the role if the value returned by all 

9 the executed security policies indicates each was successful. 

1 23. The method of claim 22, wherein said act of executing each security policy 

2 comprises: 

3 collecting one or more session parameters; and 

4 comparing said one or more session parameters to authorized session parameters 

5 specified in the security policy. 

1 24. The method of claim 22, wherein said act of executing each security policy 

2 comprises verifying one or more frames in a call stack corresponds to trusted security 

3 logic stored in the metadata repository. 

1 25. The method of claim 22, wherein said act of executing each security policy 

2 comprises verifying a proxy user. 
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